Replace `MBEDTLS_PK_CAN/HAVE_ECDSA*` with its `PSA_WANT` counterparts

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

https://www.trustedfirmware.org/projects/mbed-tls/

Other

5.21k stars 2.55k forks source link

Replace `MBEDTLS_PK_CAN/HAVE_ECDSA*` with its `PSA_WANT` counterparts #9337

Open gabor-mezei-arm opened 2 months ago

gabor-mezei-arm commented 2 months ago

Replace these macros:

MBEDTLS_PK_HAVE_ECC_KEYS to PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
MBEDTLS_PK_CAN_ECDSA_SIGN to PSA_WANT_ALG_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
MBEDTLS_PK_CAN_ECDSA_VERIFY to PSA_WANT_ALG_ECDSA && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
MBEDTLS_PK_CAN_ECDSA_SOME to PSA_WANT_ALG_ECDSA

The macros should be replaced in all files except mbedtls_config.h, check_config.h and config_adjust_*.h.

Ensure that the test are run in the same way.

gilles-peskine-arm commented 2 months ago

It's never PSA_WANT_ALG_ECDSA but instead PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMNISTIC_ECDSA. (Randomized) ECDSA and deterministic ECDSA are distinct signature algorithms, but they are functionally equivalent. This comes up often, so we should define a symbol like

#define PSA_HAVE_ALG_SOME_ECDSA (PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMNISTIC_ECDSA)

in include/psa/*adjust*.h.